1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Planning on moving my forums to SSL but there are considerations

Discussion in 'Forum Management' started by dawg, Sep 18, 2014.

  1. dawg

    dawg Well-Known Member

    My concerns and maybe some of you seasoned SSL folks can help me out.

    1. I have been serving my site with the "WWW" for 4 years, will moving my domain to just https://domain.com affect me? If so how? I dont want a wild card if i can avoid it but see #3

    2. I sell ad space and the code is provided by the company that sells it for me but they donot have SSL to serve those ads as far as I am aware.

    3. I use MAxCDN, how would that work? I looked in the control panel there and cants make heads nor tails out of it. Thanks.
     
  2. RoldanLT

    RoldanLT Well-Known Member

    Then this is is the #1 blocker for you.
    Will cost you hundred of dollar just for SSL+MAXCDN.

    Some of CDN provider offer SSL option for Free ;)

    Like CDNify and KeyCDN.
     
  3. dethfire

    dethfire Well-Known Member

    I talked to MaxCDN about SSL support. They have an SSL checkbox that you need to click. You don't need to buy anything special from them.
     
  4. Mouth

    Mouth Well-Known Member

    But you will need to update your CDN url within XF config.php
     
  5. Mouth

    Mouth Well-Known Member

    Who? Until they support SSL for their ad-serving then you cannot convert your site to ssl without causing your users to get browser errors. Or find another ad provider.
     
    surfsup likes this.
  6. Erik P.

    Erik P. Member

    Don't move your site off the www cname or you'll need to buy a wildcard SSL certificate which you don't need. Adding SSL will allow you to add SPDY support as well.
     
  7. Mouth

    Mouth Well-Known Member

    All www.mydomain.com SSL certs should also work with mydomain.com (but vice versa is not applicable.)
     
  8. Erik P.

    Erik P. Member

    @Mouth you are incorrect, sorry. common SSL certs are issued for a FQDN hostname, FQ being the key. The user will get a warning if the hostname being accessed is different than the one in the certificate. www.mydomain.com is different than mydomain.com is different than com. The only way you'll get a cert for mydomain.com is if it's is wildcard.
     
  9. Mouth

    Mouth Well-Known Member

    Best you go tell RapidSSL then, since you know better. They've done this for over 4 years now.
    Visit https://netrider.net.au and take a look at the certificate, which is base single domain cert issued to www.netrider.net.au Works fine, with no error or issue from browser.
     
    NewtonParadox likes this.
  10. FredC

    FredC Well-Known Member

    Comodo certificate ordered for domain.com is issued, signed and works both for domain.com and www.domain.com. And vice versa: if you order a certificate for www.domain.com, it will be issued for both www.domain.com. and domain.com.

    If Geotrust certificate is ordered for www.domain.com, the domain.com will also be covered. However, if you order it for domain.com, then you can not have it for www.domain.com.
     
    Mouth likes this.
  11. RoldanLT

    RoldanLT Well-Known Member

    @Erik P. is talking about your another set of sub domain that will be using for CDN like cdn.domain.com.
    That will not be covered by your ssl provider unless you purchased wildcard.
     
  12. Mouth

    Mouth Well-Known Member

    No, he specifically said www.mydomain.com SSL cert doesn't work for mydomain.com
    He's either confused/uninformed, or purposefully obsfucating (I'm sure the former). It needed picking-up and clarifying so anyone else reading this thread doesn't become mis-informed too.

    Yes, cdn.mydomain.com or fred.mydomain.com doesn't work for mydomain.com without a wildcard cert, but that is not what the OP was talking about.
     
  13. dawg

    dawg Well-Known Member

    What am i misinformed about? I asked what would dropping the WWW do to me in terms of search engine, logins etc... Because you need a wild card cert for the WWW. I didnt want to spend that much on a cert, although i have decided when i get the ads sorted that i aill go with wild card.

    I wont argue this further but do this correctly you need wild card for WWW.

    https://support.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certificate

    https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx
     
    Last edited: Sep 19, 2014
  14. dawg

    dawg Well-Known Member

    Your SSL is broken.

    Screenshot - 09192014 - 01:02:36 PM.png
     
  15. Ridemonkey

    Ridemonkey Well-Known Member

    Not really, you have to look closer. His certificate is fine, which is what you're arguing about. His site happens to be serving both secure and insecure content, but the actual certificate is verified.
     
  16. dawg

    dawg Well-Known Member

    I understand but why bother with SSL if you have those issues? It has to be done right for me or not at all, thats just the way i am.

    I just looked at all the major forums the big ones, none of them have SSL. I think i will put this idea on the back burner for now. To much of a pain.
     
  17. Ridemonkey

    Ridemonkey Well-Known Member

    Incidentally... note the address of the website and the Issued To address.

    netrider_secure.jpg netrider_secure2.jpg
     
    Mouth likes this.
  18. Ridemonkey

    Ridemonkey Well-Known Member

    Maybe, but his configuration doesn't really have anything to do with how you configure yours.

    In any event, I think the above screenshots are pretty conclusive that you do not need a wildcard cert to support the www subdomain. If the certificate were a wildcard cert it would have been issued against *.netrider.net.au.
     
    Mouth likes this.
  19. dawg

    dawg Well-Known Member

    It has everything to do it with it. You are arguing a point and you use a bad example as your argument. The people here that have SSL setup correctly do not have those issues.
     
  20. Ridemonkey

    Ridemonkey Well-Known Member

    I am supporting a point made earlier that this:
    Is clearly not universally true, since there is an obvious and clearly demonstrated example of using a non-wildcard cert, issued to www.domain.com but supporting domain.com, by a respectable and widely used certificate authority.

    His choice to serve insecure ads or other insecure content through his secure website has nothing whatsoever to do with that point.
     

Share This Page